IP Reputation

This is an automated, free, public email IP reputation system.
For people contributing data, the results are already better than anything else used with spamassassin. Now we just need more data to make it more useful for everybody else.

The primary goal is a whitelist. Other data is provided as a consequence.

$trusted_networks is very important, as it prevents you from reporting the IP address of your trusted relays instead of the IP actually sending the email. Include the IPs (or CIDRs) from both trusted_networks and internal_networks SpamAssassin values, documented here:
network test options,
trust path.
It's pretty normal for this to be empty.

Please run as a daily cron job.

Another option is to feed the email through STDIN with the --live-ham or --live-spam arguments, and later upload the data with the --upload argument (probably from cron):

cat ham.txt | ./iprep.pl --live-ham
./iprep.pl --upload

Account

Email me for an account to allow you to upload. Please email me from a non-freemail account. Major examples of freemail accounts, which I do not want you to email me from, are gmail.com, yahoo.com, and hotmail.com. SpamAssassin has a more complete list of freemail providers. This is just an attempt to make it slightly more difficult for spammers to send me bad data.

Please let me know what username you'd like, so I don't have to guess. Please mention "iprep" in the subject. And I'd be curious to hear how you found out about this project.

DNS White / Black list

While I don't want to use DNS to provide the data long term, I am doing it now for testing.

The zone is iprep.chaosreigns.com, with the typical reversed IP address lookup, and 127.0.0.<type> values. The values are 0, 50, and 100. 0 means 0% of the mail from the IP has been ham, 100 means it was 100%, and 50 means anything in the middle. Only 0.04% of the data is between 0% and 100%, which is why I'm not currently providing more ranges. So to look up 74.125.82.51, do:

Plans

I'm planning to provide the data only via rsync, because I think this will reduce bandwidth loads. I'll create a SpamAssassin plugin to retrieve the data directly and create the SpamAssassin tests for it.

IPv6

IPv6 is supported. IPs are aggregated to /48 blocks. So all IPs in 1234:5678:9012:* are lumped together. It is entirely possible this will change.

Mutt (mail reader) colorization

The mail reader I use is mutt. In my ~/.muttrc I have the following, to easily see what hasn't been flagged as ham by this data:

Google's white paper on reputation systems

"Seems like this could all be more useful if there was a good way to
automatically report addresses that sent non-spam."
- Darxus, November 2006, discussing dnswl.org. This sort of
automation is still not used by dnswl.org, and a substantial part of my
reason for creating this project.
I have been involved with DNSWL since then.
I have provided a DNSWL DNS mirror since March 2007.